Cable television networks such as those provided by Comcast Cable Communications, Inc., of Philadelphia, Pa., Cox Communications of Atlanta Ga., Tele-Communications, Inc., of Englewood Colo., Time-Warner Cable, of Marietta Ga., Continental Cablevision, Inc., of Boston Mass., and others provide cable television services to a large number of subscribers over a large geographical area. The cable television networks typically are interconnected by cables such as coaxial cables or a Hybrid Fiber/Coaxial ("HFC") cable system which have data rates of about 10 Mega-bits-per-second ("Mbps") to 30+ Mbps.
The Internet, a world-wide-network of interconnected computers, provides multi-media content including audio, video, graphics and text that requires a large bandwidth for downloading and viewing. Most Internet Service Providers ("ISPs") allow customers to connect to the Internet via a serial telephone line from a Public Switched Telephone Network ("PSTN") at data rates including 14,400 bps, 28,800 bps, 33,600 bps, 56,000 bps and others that are much slower than the about 10 Mbps to 30+ Mbps available on a coaxial cable or HFC cable system on a cable television network.
With the explosive growth of the Internet, many customers have desired to use the larger bandwidth of a cable television network to connect to the Internet and other computer networks. Cable modems, such as those provided by 3Com Corporation of Santa Clara, Calif., U.S. Robotics Corporation of Skokie, Ill., and others offer customers higher-speed connectivity to the Internet, an intranet, Local Area Networks ("LANs") and other computer networks via cable television networks. These cable modems currently support a data connection to the Internet and other computer networks via a cable television network with a data rate of up to 30+ Mbps which is a much larger data rate than can be supported by a modem used over a serial telephone line.
However, most cable television networks provide only uni-directional cable systems, supporting only a "downstream" data path. A downstream data path is the flow of data from a cable system "headend" to a customer. A cable system headend is a central location in the cable television network that is responsible for sending cable signals in the downstream direction. A return data path via a telephone network, such as a public switched telephone network provided by AT&T and others, (i.e., a "telephony return") is typically used for an "upstream" data path. An upstream data path is the flow of data from the customer back to the cable system headend. A cable television system with an upstream connection to a telephony network is called a "data-over-cable system with telephony return."
An exemplary data-over-cable system with telephony return includes customer premise equipment (e.g., a customer computer), a cable modem, a cable modem termination system, a cable television network, a public switched telephone network, a telephony remote access concentrator and a data network (e.g., the Internet). The cable modem termination system and the telephony remote access concentrator together are called a "telephony return termination system."
The cable modem termination system receives data packets from the data network and transmits them downstream via the cable television network to a cable modem attached to the customer premise equipment. The customer premise equipment sends response data packets to the cable modem, which sends response data packets upstream via public switched telephone network to the telephony remote access concentrator, which sends the response data packets back to the appropriate host on the data network.
When a cable modem used in the data-over-cable system with telephony return is initialized, a connection is made to both the cable modem termination system via the cable network and to the telephony remote access concentrator via the public switched telephone network. When a cable modem is initialized, it will initialize one or more downstream channels (i.e., downstream connections) to the cable modem termination system via the cable network or the telephony remote access concentrator via the public switched telephone network.
As part of the initialization sequence, a cable modem receives a configuration file from a protocol server (e.g., a Trivial File Transfer Protocol ("TFTP") server) with multiple configuration parameters used to configure and initialize the cable modem. The cable modem performs a number of tests on the configuration file to confirm the integrity of the configuration parameters contained in the configuration file. For example, the configuration file typically includes one or more Message Integrity Check ("MIC") fields. The MIC fields are created on the protocol server by performing a cryptographic hashing function on the configuration parameters (e.g., with Message Digest 5 ("MD5")), and sending the MIC fields with the configuration file. The cable modem verifies the integrity of the configuration file by applying the same cryptographic hashing function to the configuration parameters and comparing the resulting hash value to the hash value carried in the MIC fields.
There are several problems associated with sending a configuration file from a protocol server to a cable modem. A configuration file sent from a protocol server to a cable modem with one or more MIC fields is still vulnerable to malicious attacks. The configuration file can be intercepted and used by rogue cable modems to attack the data-over-cable system or obtain free services on the data-over-cable system. The MIC fields allow the integrity of the configuration file to be verified by the cable modem. However, the MIC fields do not include an identifier such as a configuration parameter for the cable modem receiving the configuration file, nor do the MIC fields identify a time period during which the configuration information can be used by the cable modem. Thus, the MIC fields, as they are presently used in the configuration file, do not prevent a malicious user from intercepting the configuration file and re-using it for another "rogue" cable modem at another time.
For example, a rogue user could intercept a configuration file sent to a legitimate cable modem. At a later time, the rogue user uses all of the configuration information exactly as it was intercepted. The rogue user initializes the rogue cable modem using the configuration file and registers the cable modem with a cable modem termination system. Since the configuration information was used exactly as it was intercepted, when the cable modem termination system checks the MIC fields, the configuration information is verified as valid and the rogue user masquerades as a "legitimate" cable modem user, thereby receiving free services or attacking the data-over-cable system.
It is therefore desirable to improve the security for transferring configuration information from protocol servers to the cable modems in a data-over-cable system so the configuration information cannot be re-used by other rogue cable modems at another time.
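The following added example (not code from the patent or from any cable modem vendor) models the MIC check described above and the replay weakness it leaves open. The plain MIC is an MD5 digest over the encoded configuration parameters, as the page describes; because neither the digest nor the verifier takes the receiving modem's identity or a validity window into account, an intercepted file verifies identically whoever presents it and whenever it is presented. The "bound" variant is an assumed illustration of a remedy, not the patent's claimed method: it covers a modem identifier and a validity window in a keyed digest (HMAC-SHA256 under a secret shared by the protocol server and the termination system), so a verbatim replay by a different modem, or outside the window, is rejected. The parameter names, modem identifiers, timestamps and secret are all constructed.

```python
import hashlib
import hmac
import struct

# Constructed sample configuration parameters (not real DOCSIS TLVs).
SAMPLE_PARAMS = [
    ("downstream_frequency_hz", "591000000"),
    ("max_downstream_rate_bps", "30000000"),
    ("telephony_return_number", "555-0100"),
]


def encode_params(params):
    """Serialise (name, value) pairs as length-prefixed records so the hash input is unambiguous."""
    out = bytearray()
    for name, value in params:
        n, v = name.encode(), value.encode()
        out += struct.pack(">H", len(n)) + n + struct.pack(">H", len(v)) + v
    return bytes(out)


def compute_plain_mic(params):
    """MIC as the page describes it: an unkeyed MD5 digest over the parameters only."""
    return hashlib.md5(encode_params(params)).hexdigest()


def build_plain_config(params):
    """Protocol-server side: attach the MIC to the configuration file."""
    return {"params": params, "mic": compute_plain_mic(params)}


def verify_plain_mic(config_file):
    """Receiver side: recompute and compare. Note that nothing about the
    presenting modem or the current time enters the check, so an intercepted
    file passes for any modem at any time."""
    expected = compute_plain_mic(config_file["params"])
    return hmac.compare_digest(expected, config_file["mic"])


# --- Assumed hardened variant (illustration only, not the patent's method) ---

def compute_bound_mic(params, modem_id, not_before, not_after, secret):
    """Keyed digest over the parameters plus the intended modem identifier and
    the validity window, so those fields cannot be altered or dropped without
    the shared secret."""
    data = (encode_params(params)
            + modem_id.encode()
            + struct.pack(">QQ", not_before, not_after))
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def build_bound_config(params, modem_id, not_before, not_after, secret):
    return {
        "params": params,
        "modem_id": modem_id,
        "not_before": not_before,
        "not_after": not_after,
        "mic": compute_bound_mic(params, modem_id, not_before, not_after, secret),
    }


def verify_bound_mic(config_file, presenting_modem_id, now, secret):
    """Accept only if the file is intended for this modem, is within its
    validity window, and its keyed MIC matches those bound fields."""
    if presenting_modem_id != config_file["modem_id"]:
        return False
    if not (config_file["not_before"] <= now <= config_file["not_after"]):
        return False
    expected = compute_bound_mic(
        config_file["params"],
        config_file["modem_id"],
        config_file["not_before"],
        config_file["not_after"],
        secret,
    )
    return hmac.compare_digest(expected, config_file["mic"])


if __name__ == "__main__":
    plain = build_plain_config(SAMPLE_PARAMS)
    print("plain MIC accepted for any presenter:", verify_plain_mic(plain))

    secret = b"constructed-shared-secret"
    bound = build_bound_config(SAMPLE_PARAMS, "modem-A", 1000, 2000, secret)
    print("bound, intended modem in window:", verify_bound_mic(bound, "modem-A", 1500, secret))
    print("bound, other modem replaying:", verify_bound_mic(bound, "modem-B", 1500, secret))
    print("bound, intended modem after window:", verify_bound_mic(bound, "modem-A", 2500, secret))
```

The design point is that binding the identifier and window into the hashed input is only useful if the digest is keyed: with an unkeyed hash, anyone who can rewrite the file can also recompute the MIC, so the extra fields would stop only byte-for-byte replay. The keyed variant also means the verifier must hold the secret, which places the check at the termination system rather than at an arbitrary modem.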